First DC died


Yor Suiris

The machine that I originally set up our current AD on died a week or two ago.
I was not concerned about my AD at the time since I had a second DC and it
had all the info. I set up a new machine, did a dcpromo and joined it as a DC
to my AD. After some hassles getting the roles and DNS moved around things
seemed to be fine.
Till one of the current DCs has to reboot and then my AD goes all screwy.
When logged on to the primary DC it cannot find the domain controller. My
Group Policy is not applied nor found. The Sysvol share is lost. Some
services fail to start (i.e. Exchange Service Attendant, a search of MS
Knowledge base suggests the loss of the account rights as the cause and a
suggestion about the last DC being demoted).
So now, I wonder if losing the original DC is causing my problems. Any input?
 
Yes, you should remove it completely from AD, ensure you have transferred all
FSMO roles to another DC, or you may have to seize them to another DC if you
can't transfer them from the current holder. You also have to make sure a
Global Catalog Server exists on at least one Domain Controller. You should
also clean up old DNS records pointing to the dead DC.
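
The checks listed in this answer (FSMO role holders, a Global Catalog, stale DNS records), plus the missing SYSVOL share reported in the thread, as an added read-only PowerShell example that is not part of the original posts. It assumes the ActiveDirectory (RSAT) and DnsClient modules, which are newer than the tools used in this thread, and `OLDDC01` is a placeholder for the dead DC's name.

```powershell
# Added example: read-only checks after removing a dead DC from AD.
# Assumes the ActiveDirectory (RSAT) and DnsClient modules are available.
Import-Module ActiveDirectory

$DeadDc = 'OLDDC01'   # placeholder (assumption): short name of the dead DC

$domain = Get-ADDomain
$forest = Get-ADForest
$dcs    = @(Get-ADDomainController -Filter *)
$issues = @()

# 1. No FSMO role may still be held by the dead DC.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($r in $roles.GetEnumerator()) {
    if ($r.Value -like "$DeadDc.*") { $issues += "FSMO $($r.Key) still on $($r.Value)" }
}

# 2. The dead DC must be gone from the DC list, and a Global Catalog must exist.
if ($dcs | Where-Object { $_.Name -eq $DeadDc }) { $issues += "$DeadDc still listed as a DC" }
if (-not ($dcs | Where-Object { $_.IsGlobalCatalog })) { $issues += 'No Global Catalog server found' }

# 3. DC locator SRV records must not point at the dead DC.
$srv = Resolve-DnsName -Type SRV -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -ErrorAction SilentlyContinue
foreach ($rec in $srv | Where-Object { $_.NameTarget -like "$DeadDc.*" }) {
    $issues += "Stale SRV record -> $($rec.NameTarget)"
}

# 4. Every remaining DC should be sharing SYSVOL and NETLOGON.
foreach ($dc in $dcs) {
    foreach ($share in 'SYSVOL', 'NETLOGON') {
        if (-not (Test-Path "\\$($dc.HostName)\$share")) {
            $issues += "$($dc.HostName): $share share missing"
        }
    }
}

if ($issues) { $issues | ForEach-Object { Write-Warning $_ } } else { 'All checks passed.' }
```

The script changes nothing in the directory; each warning names the item that still needs cleanup.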
 
I have done all that. But the Second DC (Global Cat server) on our system
keeps showing errors in the logs that it cannot find the First DC (dead
one). And the Third DC (new one which has seized all other roles) shows the
dead First DC as the Root Domain Server in the registry. Also MSExchange
DSAccess shows the dead server as its default logon.
Can I just edit the registry entries to reflect our current setup or is
there a better way to get things updated?

And on a different point (I think) when the Second DC which is the Global
Catalog Server is offline no one can log on. Even though the Primary DC
(Third one) is up and running. Is this the way it should work or just
another symptom of my AD problem?
 
Thanks Chriss3, the link led to a lot of useful stuff.

However, when using NTDSUTIL I do not see any reference to the dead DC to
delete. I just see the two current DCs. However, the dead one still shows in
the other DCs' registry and errors in the logs. Any other ideas?

Now, when selecting the site, domain or server, using NTDSUTIL I get

No current server
No current Naming context.

And wonder if this is part of my problem or normal as I have not used
NTDSUTIL much.
 
Hello, have you bound (logged) in at NTDSUTIL as administrators before
trying the operation?
 
I used a domain admin account when I logged on to the machine. And when I
connected to a DC it said "using credentials of locally logged on user".
 
Wait a bit. The ntdsutil "no current server" is not a problem, I think. I
have been playing with the ntdsutil and its "help" menus and I think my
question yesterday was, as I stated, just from ignorance of ntdsutil itself.
Once I selected a server and then a context these errors were not. And the
dead machine was not listed anywhere. In fact with ntdsutil everything looks
fine.

However, I still have registry entries that refer to the dead machine and a
log error about MSExchange DSAccess not being able to find the dead one. Also
on the newest DC the Sysvol share keeps disappearing when the machine
reboots.
 